Simplifying Security: Choose the Right Toolkit, not Tool.

I applaud many of our customers for being smart. Not to say other people are not, but they have made a specific choice in the past based on an understanding. They understand that a single security solution that makes your IT environment safe simply does not exist. It is the combination of tools, your toolkit, which does. For this same reason, a carpenter has a tool chest, not a single tool.

As a founder, I get to see the feature requests. Many of them, which sound great on paper, simply do not belong in our product. Why? We focus on auditing Unix-based environments. So extensive logging features are not part of our product (for that you might want to use Splunk or other tools).

These feature requests made me think about the following question: why do we want to have just one single solution for things?

Pros and Cons

Some benefits of one solution are immediately clear: good integration, usually cheaper, and less overhead. On the other hand, one solution is often also a compromise on the benefits of specialization. Another issue with packing too much functionality into one tool is that it becomes harder to use. After all, more functions have to be implemented, making the user interface harder to use. Going back to the carpenter, he would have to handle a tool so big that it is impossible to use.

Making Security Simple

If you want to make security simple, you should start at the beginning. That is the place where you look at the threats to your business and operations. Second are the involved risks, from business to technical risks. Once the threats and risks are clear, you can start creating your toolkit. You select the right tools for your personal toolkit. Some companies might put additional focus on logging and event management, while others focus on malware.

The Unix Way

In the field of Unix administration, we apply the rule “do one thing, and do it really well”. It is for this particular reason that Unix-based systems are stable. Each tool does one single thing. For unclear reasons, we don’t want to apply the same when it comes to security. Maybe because it is still seen as a necessary burden? In any case, there is a lesson to learn from this. Small and simple things are usually a lot stronger. If you want a powerful tool to solve a problem, select the product which is specialized in that.

Building Toolkits

If you are building your toolkit, you might wonder where to start. After all, there are so many tools available, both commercially and open source. Let’s extend the carpenter analogy and go from there. If the carpenter wants to keep his toolkit up-to-date, he will determine what kind of work he did lately and what is still to come. Within the world of security we should do the same. Too often, we rush into making a product purchase while we don’t really know what we need.

Better planning helps to create budget and to become more proactive in dealing with known and unknown threats. For example, if you are a hosting company, you might not have to deal with malware currently. If you did your risk assessment properly, you will know there is a fairly high risk of websites being infected with spam scripts. So this is a great starting point for filling up your toolkit.

Just filling your toolkit with similar products is a recipe for disaster. Your toolkit should have a variety of hammers, screwdrivers, and measuring tape. We need tools to measure, like one tool for intrusion detection. Another tool might be there to limit access, or to prevent something from happening at all.

Conclusion

There is no “one size fits all” tool when it comes to security. Consider yourself the carpenter who needs to work on different projects, and select the appropriate toolkit for the job. If you are in the process of selecting a new solution, drop the “it needs to have it all” and consider combining several tools. Create your own toolkit to make your job easier, using the power of each single tool.

Happy hardening!


This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.
